It seems that every time something like this happens, the guilty party (when eventually forced to apologise) states that they 'take matters like this extremely seriously'.

What do they expect people to think of such a statement? That they're not only incompetent (or malicious), but also liars? If I were them, I'd apologise, promise to try not to do it again and leave it at that.

"You would have to tick a box to be added to the mailing list and that's probably how the data would have been made available for the email to go out"...

Well now that would explain people getting onto the mailing list... but not the fact that their email details their lack of success in obtaining a ticket...

So now, did any successful applicants get a similar spam offering them the chance to double up on their festival activities... or are we just looking at a case of data abuse?

Just to clarify your story a little - this year was the first time Glastonbury operated a registration scheme, where potential festival goers had to register their name, address and submit a photo in order to be eligible to buy tickets. This all had to be done by the 5th of March, otherwise one could not even attempt to buy tickets on the 1st April.

It would seem that the recipients of the spam email for the Latitude Festival were thus selected from the database of people who had registered but were nonetheless unsuccessful in buying tickets for Glastonbury.

Indeed I had registered back in February but in the end didn't even attempt to buy a ticket (other commitments prevailed), and as I was in no rush whatsoever back in February when I registered I can be 99.9% that if there was any need to opt out of information sharing with third parties I would have correctly opted out, whether that involved ticking or unticking boxes. Thus I'm 99.9% certain that there has been a breach in Glastonbury Festival's privacy policy and thus a contravention of the Data Protection Act. Very shabby behaviour by Mean Fiddler - unfortunately I suspect that they won't care very much as they've managed to get the word out about this Latitude Festival.

Sorry to be a devil's advocate here, but if customers sign up for something on See Tickets' website, and then are emailed BY See Tickets, that isn't a third party, surely? It's just an example of cross-selling. As far as I can see the data wasn't shared with the Latitude festival organisers.

.. Sent them all an email to go and have a shower...

I didn't actually order any tickets so no box was ticked. I pre-registered my interest in tickets but as I had secured tickets through another route I did not go through the See pages. The email address I used to pre-register on the glastonbury site was unique and has not been used elsewhere. On the registration site assurances were given that details would be used for no other purpose and accordingly there was no option to opt in or opt out of any future use of data

In other words, the 'tick box' defence is rubbish, certainly in my case

Only the people who didn't buy tickets got this email. So it couldn't possibly have been a tick box on the ticket purchasing page - as anyone who got there would have tickets!

See have messed up big-time...

This is wrong. I registered (picture, etc) but certainly didn't tick any "third party" box. I then didn't even try to buy a ticket when the time came.

The data has been swiped I reckon.

haven't received this "We also spoke to a Glastonbury spokesperson who claimed that an apology had been sent out to all those people targeted by the email."

I'm sure Mean Fiddler/SeeTickets could be sued for spam here.

On the day of the second issue (the returned or duplicated tickets), I got through after about 90 minutes on the international line, and was told that, as I was ringing from Ireland, I should have been using the UK internal number.

After explaining to the politely rude lady in the call centre that Ireland is in fact a foreign country, she refused to believe me, and hung up.

The internal number - once formatted correctly - couldn't even connect to a busy signal from the republic. I went back to the international line, and got through an hour later to be told that it was in fact the correct number for me, but that they had just sold out. So through sheer ignorance on the part of their staff, I missed out on my ticket.

I sent a polite but mildly sarcastic email of complaint, more to vent than anything, and heard absolutley nothing back.

Except the email about the Latitude festival, which knew I'd failed to get a ticket.

So that's two strikes, and despite what they claim in the article, precisely zero apologies. They've completely breached data protection, as they knew I'd failed to get a ticket - and the tick box excuse is just an attempt at damage limitation. I've lost a lot of faith in how Glasto is run, given the shambles that is their ticket system. Who knows who else they've passed my details to?

The seetickets explaination for the Latitude festival is not even valid, Glasto organisation (or more likely Live Nation (ex ClearChannel, new owner of Mean Fiddler)) should have directly passed the registered customers details.

I personaly pre-registered for Glastonbury but due to unplanned circumstances I was NOT able to try to grab tickets, so there is absolutely NO WAY that I would have signed up for anything on the Seetickets web site as I NEVER accessed it in relation to Glastonbury festival.

Yes.

But what can the ICO do? Nothing. It's a toothless paper tiger.

Until they are fined an appreciable multiple of 233,000, these kind of abuses will continue

I'm in the same boat as you, I registered but decided against even trying to get tickets, as WOMAD is coming to my home town this year. And yet I got the email... :(

Anything that diverts wannabe-Glastos from the festivals I go to HAS to be a good thing :)

I received one of these emails and I know for a fact that I did NOT leave any permission for them to circulate my details to third parties. They are lying our their arses.

Has anyone actually received the apology mentioned in the article? Like all-else, I received the spam no bother, but I'll be damned if a desperate desert wind ain't now blowing through my inbox. Ah well.

I got the spam (but haven't seen the apology, presumably because spam filters have kicked in).

Although I registered for the festival, in the event I *didn't* try to buy tickets, so the fact that I failed to buy a ticket could only be inferred by comparing the registration database with the list of successful purchases.

Which is quite different from the story we're being told.

John,

No sign of any apology here. They're bullsh***ing us on the tickbox excuse, and they're bullsh***ing us on the apology too.

This clearly should be acted on, but as previous posters have pointed out, the ICO are unlikely to act meaningfully.

Does anyone know if, as a resident of ROI, do I hav e grounds to compain about them under Irish law instead?

Registered

Decided not to bother with the scrum

Got spam

No Apology